Wikipedia:Reference desk/Archives/Computing/2012 December 23

= December 23 =

Youtube's 500 Internal Server Error
Occasionally when I go on Youtube, there's an error that's called the '500 Internal Server Error', and a pack of monkeys were sent to deal with the situation, which I'm pretty sure it's for humor. But is this actually real? WWEWizard2 (talk) 00:36, 23 December 2012 (UTC)
 * While packs of server maintenance monkeys are almost certainly a joke, the "500 Internal Server Error" code is one of standard HTTP status codes, which means what it sounds like - the server experienced some sort of an internal error, but no further information was provided as to what the error actually was. — daranz [ t ] 00:41, 23 December 2012 (UTC)

How secure is the https connection in Wikipedia?
How is https connection to wikipedia currently been encrypted? How can these connection be attacked to retrieve datas such as what edits have I done or what pages have I visited?--Inspector (talk) 07:06, 23 December 2012 (UTC)


 * Wouldn't us telling everyone reading this how the connection could be 'attacked' make it easier to do? If you are going to be paranoid, at least be logical about it... AndyTheGrump (talk) 07:20, 23 December 2012 (UTC)
 * Information security experts generally take a dim view of trying to keep vulnerabilities under wraps by just not telling people about them. See security through obscurity.  Most of the time, the most effective strategy is to assume that, if a vulnerability exists, the bad guys will find out about it, so you try to find it first by vigorous open discussion.
 * (By the way, Inspector, anyone can find out what edits you have done, just by visiting Special:Contributions/Inspector. No hacking required.  This is public information.) --Trovatore (talk) 08:10, 23 December 2012 (UTC)
 * At least attacking will require some degree of working. For example, if ISP holds important imformation about decryption, then not everyone would gain access to it.--Inspector (talk) 07:28, 23 December 2012 (UTC)
 * Or, you can say what kinds of attacking do not work for https. If there do exist any easy methods of attacking that can be post on somewhere and a number of people can do it quickly, then I guess I won't even be able to ask this question on Wikipedia.--Inspector (talk) 07:29, 23 December 2012 (UTC)
 * Finding the edits you have done doesn't need any kind of attack. Rojomoke (talk) 07:57, 23 December 2012 (UTC)
 * Oh, yes, I really asked a silly one. And how about the things I have visited?--Inspector (talk) 07:58, 23 December 2012 (UTC)
 * Well, that might or might not be possible, but breaking https doesn't seem particularly relevant. Assuming the information is stored somewhere on the Wikimedia servers, which it may or may not be, you'd have to hack the servers themselves.  --Trovatore (talk) 08:12, 23 December 2012 (UTC)
 * Oh, unless you mean someone monitoring your traffic in real time. I suppose breaking https would help with that. --Trovatore (talk) 08:14, 23 December 2012 (UTC)
 * Not that if the adversary has continous control over the wikimedia servers (e.g. via hacking) then breaking https still becomes irrelevant even for real time monitoring. Even if you want to monitor the connection in between for whatever reason rather, you don't need to break HTTPS, just use information from the wikimedia servers to decrypt to connection. The point of end to end cryption is to stop Man-in-the-middle attacks but it's not a MITM when the 'man' actually is the the same person as one end. Nil Einne (talk) 10:57, 23 December 2012 (UTC)
 * I seemed to remember why did I ask this question. Let's say, if anyone knows I am Inspector on Wikipedia, how would he/she know who I am? I guess first he/she needed to find out my IP address. So is the URL I access on wikipedia secure in the middle of transmission?--Inspector (talk) 13:16, 23 December 2012 (UTC)
 * If they don't have access to the wikimedia servers, probably. The point is, if they do, then there's little point worrying about them monitoring your connection in between. If you're worrying about someone 'breaking https', you really should be more worried about someone breaking wikimedia's security. In fact if you're worried about them associating your IP with your account, then you don't even have to worry about the security of the servers, but the security of every single WP:checkuser. Although even this probably should be your main worry, your main worry should be your own personal security. Can you really guarantee that you aren't going to give away your IP (e.g. by accidentally editing while logged out) or as much info as your IP reveals even without giving away your IP? Plenty of people have unintentionally done this sort of thing. Can you at least guarantee you aren't going to give enough to make a guess of who you are and then use any insecurity on your computer to find out for sure? For that matter, depending on the resource of your attacker and how much info you give away, you should consider the risk of correlation attacks. Although to be honest this is fairly unlikely (i.e. the wrong thing to worry about) except in the case where someone needs something which will stand up in court in a developing country where potentially this would, but probably not if they illegitimately break in to your computer or wikimedia's. BTW, are you even sure you always use HTTPS (so breaking HTTPS even comes in to it)? Nil Einne (talk) 13:40, 23 December 2012 (UTC)
 * HTTPS seemed to be a recent development of wikipedia. Well, it is quite useful when there is much probability to encounter pages that contains informations that would be blocked be GFW.--Inspector (talk) 13:47, 23 December 2012 (UTC)
 * Actually secure.wikimedia.org has existed for a long time. The recent change has been the implementation of HTTPS via the main servers. BTW, I'm not sure if you're getting my main point which is even in a case like China, if you're really worried you're probably worrying about the wrong thing if you're worrying about someone breaking HTTPS, there are plenty of other more likely avenues of attack. In other words, while it may be true HTTPS provides difficult to break end to end encryption when you use it, you still need to worry about either end. Don't have a false sense of security from the security of HTTPS. As I'm sure Nimur would love to point out, are you even sure you can trust your trusted certificate authorities? Nil Einne (talk) 14:05, 23 December 2012 (UTC)


 * (EC) One thing I wanted to add (and looking at your user page I can perhaps someone understand your concern), remember that if you don't always use HTTPS and you are worried about man in the middle attacks, remember that you don't even have to actually post. Just using preview would probably be enough. In fact using preview and then later posting under your proper identity will potentially be even more of a giveaway than just posting under an IP (depending on what you posted) if someone is really monitoring your connection. The same with my point about using HTTPS, you need to set up your system to ensure you always use HTTPS, I have heard in the past even after HTTPS was implemented on the main wikipedia servers recently that the servers were still mixing secure and insecure content. Nil Einne (talk) 13:56, 23 December 2012 (UTC)
 * The HTTPS connection to wikipedia is as secure as is most other HTTPS connections. There's a large body of literature dedicated to the PKI around the certificate system. Despite all its criticism, it's done relatively well. It should upgrade signature hashes (sha1 is inadequate), and should insist on 4096 keys and above but beyond idle complaints, it's worked remarkably well in practice. Responses here have veered off into other issues, which is fine because they're relevant, but the OP asks about https. Our article on that is good at demonstrating the strengths and weaknesses of that system. Shadowjams (talk) 10:47, 25 December 2012 (UTC)
 * It will be much easier to look at your computer and observe the history in the browser. Alternatively by traffic analysis someone could seriously narrow down the pages viewed by looking at the amount of data transferred on the https connection, even if they could not see the actual content.  Pictures would have their own connection and data count, so that narrows down the pages even more. Graeme Bartlett (talk) 07:44, 28 December 2012 (UTC)

Why have some programming languages failed and others not?
OsmanRF34 (talk) 14:47, 23 December 2012 (UTC)


 * By "failed" do you mean fallen out of use ? StuRat (talk) 16:44, 23 December 2012 (UTC)


 * Yes, regarding the use. I wonder specifically why Java became so fashionable. OsmanRF34 (talk) 21:01, 23 December 2012 (UTC)


 * Well, there are some general rules for any new technology:


 * 1) It must be sufficiently better than what's out there to justify the costs of changing over.


 * 2) A certain "critical mass" must be reached for it to "catch on". That is, nobody wants to learn a language nobody else uses, or buy a computer that's incompatible with everything else.  How to get there is an interesting problem.  Apple gave discount computers to schools to get to the "critical mass", for instance.


 * 3) Then, once it does catch on, it must be updated regularly to fix bugs and add new features. However, you don't want old JAVA code to need to be rewritten. StuRat (talk) 23:35, 23 December 2012 (UTC)


 * Java became popular at the same time the internet did, and that was the way the world was moving. It was the technology behind interactive web pages and remains popular today even though there are many rival technologies. The huge advantage of java over the traditionally popular languages of the time (C, Basic, Pascal, etc.) was that you could maintain code in one place and access your application from anywhere, instead of having to deploy upgrades every time changes were made to binaries. So, essentially, the world is moving towards the dumb client/mainframe days, just on a global scale, and with user friendly devices able to seamlessly connect to the internet. Therefore, to the masses, java and related technologies are indistinguishable from magic. Sandman30s (talk) 08:55, 24 December 2012 (UTC)


 * A language is a dialect with an army and a navy. In computing terms, that means one with corporate backing, eg. Java and Sun, JavaScript and Netscape. There will be plenty of exceptions, but it certainly helps having a company behind a language. IBE (talk) 13:33, 25 December 2012 (UTC)

Can I use a different laptop power adapter?
I have travelled (a long way) home for the Christmas holidays, but unfortunately left my company-issued laptop's power adapter at the office. The laptop is a Dell Latitude E6320, and the label on the bottom says what the expected input voltage and current is expected. However, the label doesn't say what Dell model power adapter is expected and the Dell website doesn't list which adapters are compatible with the laptop. My neice also has a Dell laptop (an Inspiron) with a PA-12 65W power adapter which outputs the same voltage. Can I use her adapter to charge my company's laptop, without damaging it? Astronaut (talk) 15:19, 23 December 2012 (UTC)


 * AC adaptor polarity.png the plug fits, and the polarity is the same, and the adapter outputs at least as much current as the laptop requires, then you should be safe. -- BenRG (talk) 17:29, 23 December 2012 (UTC)


 * Actually, if the voltage is higher than what the laptop is designed to take, you can fry your motherboard. You can go higher with the amps, but not the volts. In this case, he says the voltage is the same, so he should be safe.&mdash;Best Dog Ever (talk) 23:14, 23 December 2012 (UTC)
 * I'm reasonably sure BenRG knew that, but the OP had already said voltage was the same. Nil Einne (talk) 03:39, 24 December 2012 (UTC)


 * You can buy a general power adapter. They come normally with isntructions and specific plugs for common models.
 * Check the bottom of your laptop and the adapter to see what volts, amps and polarity they require. It's almost 100% sure that another Dell adapter will fit your laptop. OsmanRF34 (talk) 21:06, 23 December 2012 (UTC)


 * Meaning there's only a 1% chance it will explode into a ball of flame ? :-) StuRat (talk) 23:28, 23 December 2012 (UTC)

Thank you for the answers, but my question is about these specific models. The laptop only states the voltage and amps expected, with no indication as to the model of the power supply or the polarity that it expects. The PA-12 adapter is a very common Dell adapter that is compatible with a lot of Dell laptops, but not all of them (for example: my own personal laptop uses a different adapter). I was hoping someone might have a Dell Latitude E6xxx series laptop and would be able to check their adapter for me. I would rather avoid damaging up my company's laptop. Astronaut (talk) 09:25, 24 December 2012 (UTC)
 * As stated above, the only thing you apparently need to find out is the polarity of the adapter and laptop and whether the plug fits. For the former, if it's a common adapter this shouldn't be hard, for the laptop you may need to check out the spec sheet or similar (but are you sure Dell even has adapters with different polarities but the same size and type plug?). For the later, actual testing should be harmless provided you don't force it in when it isn't fitting. I'm assuming you already checked the adapter can supply enough current. The actual adapter used by a Dell Latitude E6xxx series is largely a moot point, it could for example be a lower current one in which case it will not be the same adapter but it doesn't mean you can't use the other adapter. But if you really want to find out, the simple solution is to find out what Dell says. (And it would actually probably be riskier to assume the Dell Latitutude E6300 uses the same one as the E6320 unless Dell indicates so.) Nil Einne (talk) 10:46, 24 December 2012 (UTC)


 * The polarity and the plug are the same, but the E6320 seems to need 90 watts (19.5 volts 4.62 amps). Using the 65 watt adaptor will probably result in an error message from the laptop, though I gather that this can be ignored and the laptop will actually charge slowly.  The risk is to the adaptor which might overheat.  I don't know if this helps.  I don't own a Dell, but I think the adaptor you need is a PA10.    D b f i r s   10:52, 24 December 2012 (UTC)


 * I've done this with Dell laptops before. My laptop required 90 watts, and the only adapter I could borrow was 65. On bootup, the laptop complained that the power supply was insufficient and that it may not charge. It did charge, but more slowly than usual. I suspect that if I were running 3d games or something else that taxed the system that it would have slowly lost power. If you shut down or hibernate when you're not using the system, the 65W cord will probably charge it up reasonably quickly. 209.131.76.183 (talk) 17:48, 26 December 2012 (UTC)


 * As I said above, " buy a general power adapter. They come normally with instructions and specific plugs for common models." The manufacturers know what they are doing, and these adapters normally come with enough amps (volts can be chosen). OsmanRF34 (talk) 14:24, 24 December 2012 (UTC)

Standardisation of power adapters
A lateral thought from the question above...

PCs and laptops benefit from international standards for most connectors these days. Is there any hope some sort of standardisation could arise for power adapters and connectors? HiLo48 (talk) 23:45, 23 December 2012 (UTC)


 * There are existing standards (plural) for DC power connectors, both for coaxial and others. These are for the connectors, not for the voltage and amperage - the latter is more difficult to standardize, as various devices will require different values, and so manufacturers are better off tailoring a power supply for what the particular device will need. Connector size requirements, too, can vary depending on the size of the device itself (think laptop compared to a netbook).
 * Of note is the fact that there are standards for mobile phone chargers, like the Common External Power Supply. This is easier to accomplish since mobile devices generally have a smaller range of power requirements, and a lot of them are capable of charging off MicroUSB anyway. — daranz [ t ] 01:02, 24 December 2012 (UTC)


 * To me that's like saying that it's hard to have standards because things aren't standardised. Most connectors began their lives as some individual company's approach, and now they have become standardised across the industry. I suspect it could happen with power supplies too if suppliers actually wanted it to. HiLo48 (talk) 21:18, 24 December 2012 (UTC)